Authentication module via: Pac4j.
ClientsWebContextas RequestScoped- auth filter per
Client - auth callback
<dependency>
<groupId>org.jooby</groupId>
<artifactId>jooby-pac4j</artifactId>
<version>1.0.0</version>
</dependency>{
get("/public", () -> ..);
use(new Auth());
get("/private", () -> ..);
}Previous example adds a very basic but ready to use form login auth every time you try to
access to /private or any route defined below the auth module.
Pac4j is a powerful library that supports multiple clients and/or authentication protocols. In the next example, we will see how to configure the most basic of them, but also some complex protocols.
If basic auth is all you need, then:
{
use(new Auth().basic());
}A IndirectBasicAuthClient depends on UsernamePasswordAuthenticator, default is
SimpleTestUsernamePasswordAuthenticator which is great for development, but nothing good
for other environments. Next example setup a basic auth with a custom:
UsernamePasswordAuthenticator:
{
use(new Auth().basic("*", MyUsernamePasswordAuthenticator.class));
}Form authentication will be activated by calling form:
{
use(new Auth().form());
}Form is the default authentication method so previous example is the same as:
{
use(new Auth());
}Like basic auth, form auth depends on a UsernamePasswordAuthenticator.
A login form will be ready under the path: /login. Again, it is a very basic login
form useful for development. If you need a custom login page, just add a route before the
Auth module, like:
{
get("/login", () -> Results.html("login"));
use(new Auth());
}Simply and easy!
Twitter, example:
{
use(new Auth()
.client(conf ->
new TwitterClient(conf.getString("twitter.key"), conf.getString("twitter.secret"))));
}Keep in mind you will have to add the require Maven dependency to your project, beside that it is pretty straight forward.
By default a Client will protect all the urls defined below the module, because routes in
are executed in the order they where defined.
You can customize what urls are protected by specifying a path pattern:
{
use(new Auth().form("/private/**"));
get("/hello", () -> "no auth");
get("/private", () -> "auth");
}Here the /hello path is un-protected, because the client will intercept everything
under /private.
Jooby relies on AuthStore for saving and retrieving a CommonProfile. By default,
the CommonProfile is stored in the Session via auth session store
After a successful authentication the CommonProfile is accessible as a request scoped attribute:
{
use(new Auth().form());
get("/private", req -> require(HttpProfile.class));
}facebook (or any oauth, openid, etc...)
{
use(new Auth().client(new FacebookClient(key, secret));
get("/private", req -> require(FacebookProfile.class));
}Custom AuthStore is provided via Auth#store method:
{
use(new Auth().store(MyDbStore.class));
get("/private", req -> require(HttpProfile.class));
}A default /logout handler is provided it too. The handler will remove the profile
from AuthStore by calling the AuthStore#unset method. The default login
will redirect to /.
A custom logout and redirect urls can be set via .conf file or programmatically:
{
use(new Auth().logout("/mylogout", "/redirectTo"));
}That's all folks! Enjoy it!!!
auth {
# default callback, like http://localhost:8080/auth
callback = "http://"${application.host}":"${application.port}${application.path}"auth"
# login options
login {
# Where to go after a successful login?
redirectTo = /
}
# logout options
logout {
url = /logout
redirectTo = /
}
# form auth
form.loginUrl = /login
}